Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??

There is a term for what you are attempting:

Security through Obscurity

...and it doesn't work. It's not even a halfway good idea; there is no partial payoff for partial effort. By making it difficult for a human to read you are simply setting up an interesting (or not-so-interesting) challenge for a would-be hacker. Without actual encryption, authentication, certification, etc. you gain absolutely no security from this approach.


However the statements you made are a bit confusing:

>I'd rather do something more secure.
>(note: I'm not encrypting. I'm trying to make it really hard for the privileged process to miss-interpret the message it receives.)

Perhaps security is not what you are after at all?

If you are only trying to prevent malformed commands from causing your application to crash, there is a very simple rule: don't execute anything sent in the command. Define all actions the application can perform in the server side code and simply allow the remote commands to trigger those actions in safe, meaningful sequences. If you need data from the user, don't use it directly, translate it into something pre-defined and use that. Read about taint mode for more about how to not execute anything that came from that dirty/evil/hacked outside world. The basic concept of taint mode is "There is no five-second rule." If it has ever touched the outside world, wrap it in a napkin and throw it away.

In reply to Re: Good IPC Message Protocols? by Cefu
in thread Good IPC Message Protocols? by pileofrogs

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (2)
As of 2024-04-25 07:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found